[2226] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (System Administrator)
Mon Sep 11 10:04:46 1995
Date: Mon, 11 Sep 1995 09:20:20 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: System Administrator <root@iifeak.swan.ac.uk>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199509042254.XAA12971@legless> from "Neil Woods" at Sep 4,
95 11:54:54 pm
> 3) Rampant hacking would ensue.
>
> As for vulnerability, I believe both FreeBSD and Linux have fixes
> available.
libc4.7.2 fixed it in May. I had assumed that their fix and log in the
libc was what had sparked the alert.. ah well wrong again 8)
Alan
> P.S. Next time this kind of bug crops up, expect exploits to be
> available much more quickly - modifying an exploit for syslog()
> would be extremely straightforward :-|
PS: Have a look at the source code of tin very carefully in that case.
